# Chains: Using LangChain to Create a Red Team / Penetration Testing Assistant!

## The Goal
Develop a **Red Team** / **Penetration Testing** Assistant utilizing LangChain to facilitate and automate various Red Teaming and Penetration Testing activities.

### Tech Stack
- [**LangChain Python**](https://python.langchain.com/): A powerful library for building applications with large language models.
- [**Jupyter Notebook**](https://jupyter.org/): An interactive computing environment that enables you to author documents that include live code, equations, visualizations, and narrative text.
- [**Ollama**](https://ollama.com/): A tool for running large language models locally; here it serves the chat model that the agent uses.

## Development

### Timeline
We will begin by training the system to perform attacks on cyber ranges like [Hack The Box](https://hackthebox.com), simulating real-world penetration testing scenarios.

### Setup
To set up the environment, follow these steps:

1. **Create a virtual environment**:
    ```bash
    python3 -m venv .venv
    source .venv/bin/activate
    ```
2. **Install dependencies**:
    ```bash
    pip install -r requirements.txt
    ```

### Usage
After setting up your environment and ensuring all necessary services are running, you can use this Jupyter Notebook to automate the attack process by providing the agent with a scope.

#### Providing the Scope
The scope should be provided in the form of a `.csv` file, similar to the format used by [HackerOne](https://hackerone.com) when defining the scope for their programs.

- For a single target scope, you can provide a single string and specify the target type.

Example of scope definition in `.csv` format:

| Target Type | Target           |
|-------------|------------------|
| Website     | example.com      |
| API         | api.example.com  |
| Network     | 192.168.1.0/24   |
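
A scope file only helps if something enforces it before the agent acts on a target. The following added example (not part of the original notebook) parses a scope CSV shaped like the table above and checks a candidate URL, hostname or IP against it; the column names and the helpers `load_scope` and `in_scope` are assumptions.

```python
import csv
import io
import ipaddress
from urllib.parse import urlsplit

# Constructed sample mirroring the table above (header names are assumptions).
SAMPLE_SCOPE_CSV = """Target Type,Target
Website,example.com
API,api.example.com
Network,192.168.1.0/24
"""


def load_scope(csv_text):
    """Parse the scope CSV into a set of exact hostnames and a list of IP networks."""
    hosts, networks = set(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind = row["Target Type"].strip().lower()
        target = row["Target"].strip().lower()
        if kind == "network":
            # strict=True rejects entries with host bits set, e.g. 192.168.1.5/24
            networks.append(ipaddress.ip_network(target, strict=True))
        elif kind in ("website", "api"):
            hosts.add(target.rstrip("."))
        else:
            raise ValueError(f"unknown target type: {kind!r}")
    return hosts, networks


def in_scope(candidate, scope):
    """Return True only if the candidate is explicitly listed; fail closed otherwise."""
    hosts, networks = scope
    text = candidate.strip()
    try:
        # urlsplit only fills .hostname when a netloc is present, so prefix bare hosts.
        host = urlsplit(text if "://" in text else "//" + text).hostname
    except ValueError:
        return False
    if not host:
        return False
    host = host.rstrip(".")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Exact match on purpose: listing example.com does not authorize its subdomains.
        return host in hosts
    return any(addr in net for net in networks)
```

Calling `in_scope` on every target a tool is about to touch, and refusing on `False`, keeps model-suggested hosts outside the authorized scope from being acted on.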

Once the scope is provided, the agent will initiate the attack process. The attack process follows the [MITRE ATT&CK framework](https://attack.mitre.org), whose tactics serve as the following phases:

- **Reconnaissance**: Gathering information about the target.
- **Resource Development**: Establishing resources to support operations.
- **Initial Access**: Attempting to gain initial access to the target.
- **Execution**: Running malicious code on the target.
- **Persistence**: Maintaining access to the target.
- **Privilege Escalation**: Gaining higher-level permissions on the target.
- **Defense Evasion**: Avoiding detection and defenses.
- **Credential Access**: Stealing account names and passwords.
- **Discovery**: Identifying details about the target system.
- **Lateral Movement**: Moving through the target network.
- **Collection**: Gathering data from the target.
- **Command and Control**: Communicating with compromised systems.
- **Exfiltration**: Stealing data from the target.
- **Impact**: Manipulating, interrupting, or destroying systems and data.


# Phase 1: Reconnaissance


```python
import os
from getpass import getpass

# load config
from chains.config.config import Config

# Import relevant functionality
from langchain_community.chat_models import ChatOllama
from langchain_community.tools.tavily_search import TavilySearchResults
from langchain_core.messages import HumanMessage
from langgraph.checkpoint.sqlite import SqliteSaver
from langgraph.prebuilt import create_react_agent

# Create the agent
memory = SqliteSaver.from_conn_string(Config.SQLITE_DB_URL)

# create the chat model using Google's Gemma 2 model
ollama_chat_model = ChatOllama(model="gemma2", base_url=Config.OLLAMA_BASE_URL)

search = TavilySearchResults(max_results=2)
tools = [search]
agent_executor = create_react_agent(ollama_chat_model, tools, checkpointer=memory)

# Use the agent
```
